From 92b1c3b6041d3c760e5351b17d64523965ff99a1 Mon Sep 17 00:00:00 2001
From: "teor (Tim Wilson-Brown)"
Date: Tue, 2 Feb 2016 15:05:59 +1100
Subject: [PATCH] Update ExitPolicy when interface addresses change
Tor exit relays reject local interface addresses in their exit policy. Make sure those policies are updated when interface addresses change.
---
 changes/bug18208 | 5 +++++
 src/or/main.c | 12 ++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 changes/bug18208
diff --git a/changes/bug18208 b/changes/bug18208
new file mode 100644
index 0000000000..d6d194bb4d
--- /dev/null
+++ b/changes/bug18208
@@ -0,0 +1,5 @@
+ o Minor bug fixes (exit policies, security):
+ - Refresh an exit relay's exit policy when interface addresses change.
+ Previously, tor only refreshed the exit policy when the configured
+ external address changed.
+ Closes ticket 18208 on tor 0.2.7.3. Patch by "teor".
diff --git a/src/or/main.c b/src/or/main.c
index bd4f7eaa71..1e8c175222 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2195,7 +2195,10 @@ got_libevent_error(void)
 void
 ip_address_changed(int at_interface)
 {
- int server = server_mode(get_options());
+ const or_options_t *options = get_options();
+ int server = server_mode(options);
+ int exit_reject_private = (server && options->ExitRelay
+ && options->ExitPolicyRejectPrivate);
 if (at_interface) {
 if (! server) {
@@ -2209,10 +2212,15 @@ ip_address_changed(int at_interface)
 reset_bandwidth_test();
 stats_n_seconds_working = 0;
 router_reset_reachability();
- mark_my_descriptor_dirty("IP address changed");
 }
 }
+ /* Exit relays incorporate interface addresses in their exit policies when
+ * ExitPolicyRejectPrivate is set */
+ if (exit_reject_private || (server && !at_interface)) {
+ mark_my_descriptor_dirty("IP address changed");
+ }
+
 dns_servers_relaunch_checks();
 }
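Review bot: The new `exit_reject_private` initialiser tests `options->ExitRelay` for plain truthiness with no comment on why. If that option is tri-state (an "auto" setting stored as a negative value, which this hunk does not show), a reader cannot tell whether counting "auto" as an exit relay is deliberate. Treating it as true is the safe direction here, since it only causes more policy refreshes, so the line can stay as written with a comment such as `/* Non-zero ExitRelay includes the auto setting: refresh whenever we might be exiting. */`. The body of ip_address_changed() continues past the end of this hunk.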
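Review bot: The added `if (exit_reject_private || (server && !at_interface))` block only flags the descriptor as dirty, so the reject list for a newly appeared interface address presumably takes effect at the next descriptor rebuild, not when the change is detected. The rebuild path is outside this hunk, so the length of that window cannot be judged from here. The new comment should state that dependency, for example `/* Marking the descriptor dirty forces a rebuild, which re-reads the interface addresses rejected under ExitPolicyRejectPrivate. */`. Both triggers also pass the same reason string; a separate reason for the at_interface case, such as `mark_my_descriptor_dirty("Interface address changed");`, would let an operator tell the two causes apart if the reason is ever logged.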